Thursday, February 09, 2006

First Encounter with Scapy

After reading several papers and presentations in the network security field that mention Scapy, I decided to try it.

From the Scapy website:

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc.

What interests me:

  • Scapy is written in Python. I am quite familiar with this computer language. I coded translation tools in this language about 4 years ago.
  • It supports many network protocols, even Wi-Fi (you need the Wifitap tool :D)

I downloaded the latest Scapy version from http://www.secdev.org/projects/scapy/.
The installation process is a breeze. I just put it in my working directory. BTW, Scapy needs several optional packages to work as advertised. But on my system I didn't follow that. :D

I just put http://www.iana.org/assignments/ethernet-numbers in /etc/ethertypes.

You need to run scapy as root.

In this first encounter, I will try to ping another host:

>>> sr(IP(dst="192.168.198.128")/ICMP())
Begin emission:
*Finished to send 1 packets.

Received 1 packets, got 1 answers, remaining 0 packets
(, )

Looks good.

Next I tried to ping localhost:

# python scapy.py
INFO: did not find python gnuplot wrapper . Won't be able to plot
INFO: Can't import PyX. Won't be able to use psdump() or pdfdump()
Welcome to Scapy (1.0.3.1beta)

>>> sr1(IP(dst="127.0.0.1")/ICMP())
Begin emission:
.Finished to send 1 packets.

Received 1 packets, got 0 answers, remaining 1 packets

It looks like there is an error, but I don't know where.

If you know what's wrong and how to fix that, please let me know.
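
The counters in the two transcripts above ("got 1 answers" versus "got 0 answers, remaining 1 packets") come from matching each captured packet against the request that was sent. The following is an added example, not part of the original post and not Scapy's own code: a simplified standard-library model of that matching for ICMP echo, with function names and sample packets constructed for illustration.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Pack an ICMP echo message, filling in the checksum last."""
    unsummed = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    csum = inet_checksum(unsummed)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(raw: bytes) -> dict:
    """Decode the 8-byte echo header; a valid message checksums to zero."""
    if len(raw) < 8:
        raise ValueError("truncated ICMP message")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", raw[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "checksum_ok": inet_checksum(raw) == 0}

def answers(request: bytes, candidate: bytes) -> bool:
    """True only for an echo reply carrying the request's id and sequence."""
    req, cand = parse_icmp(request), parse_icmp(candidate)
    return (req["type"] == ECHO_REQUEST and cand["type"] == ECHO_REPLY
            and cand["checksum_ok"]
            and (cand["id"], cand["seq"]) == (req["id"], req["seq"]))

def tally(request: bytes, captured: list) -> tuple:
    """Return (received, answered, remaining) for one sent request."""
    answered = 1 if any(answers(request, pkt) for pkt in captured) else 0
    return len(captured), answered, 1 - answered

# Constructed sample packets (not captured from any real host).
REQUEST = build_icmp(ECHO_REQUEST, ident=0x1234, seq=1)
REPLY = build_icmp(ECHO_REPLY, ident=0x1234, seq=1)
UNRELATED = build_icmp(ECHO_REPLY, ident=0x9999, seq=7)

if __name__ == "__main__":
    print("received %d, answers %d, remaining %d" % tally(REQUEST, [REPLY]))
    print("received %d, answers %d, remaining %d" % tally(REQUEST, [UNRELATED]))
```

Scapy's documentation covers the loopback case specifically: packets on 127.0.0.1 are not assembled and disassembled like those on a real interface, so its default link-layer socket does not see the reply. The documented setting for talking to local addresses is `conf.L3socket = L3RawSocket`, applied before sending.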
